Cloud Computer Forensics - Essay Example

Summary
The author of the paper "Cloud Computer Forensics" will begin with the statement that today most businesses are conducted through computers. To be precise most companies that have been successful in the business world heavily invest in IT and computer development. …

Extract of sample "Cloud Computer Forensics"

Computer Forensics

Introduction

Today most businesses are conducted through computers. To be precise, most companies that have been successful in the business world invest heavily in IT and computer development. Computers use a wide range of software such as internet, office applications and customer relationship tools. Any computer software requires repair, upgrading, and updating when necessary (Bayuk, 2010). Cloud computing deals with these issues by offering various computer applications through the internet instead of installing them directly on the client’s computer.

Cloud Computing Forensics

In cloud computing, a central server hosts the application and carries out maintenance and updates, with the cost spread among all the users and paid through a subscription fee. Due to the many subscribers that can be available, there is a possibility of an application being offered even if there is no maintenance required by the user. According to a survey conducted by AppLabs, a firm involved in software testing, around 30 per cent of the companies listed in the Forbes 2000 were using cloud applications, with another 20% planning to make use of cloud computing within one year (Krutz & Vines, 2010). The introduction of cloud computing has provided computer crime investigators with new problems and benefits.

Computer forensics is investigation that involves scientific analysis of computer equipment in order to recover admissible evidence. When the security of an organization’s data is interfered with, the services of computer forensic experts are sought. The first stage in the collection of evidence is the replication of all computer drives to ensure that no evidence is contaminated. This process can be quite tedious unless information is stored within cloud computing applications.

Cloud computing allows quick access to the stored data, so the investigation takes less time than expected.

Although cloud computing is an important venture for businesses, it also faces its own problems and challenges. Accessing a server to start an application through the internet exposes the user to a number of security threats (Krutz & Vines, 2010). When sensitive data is stored on a remote server, there is a lot of uncertainty about whether a second party might access it and compromise privacy. In most cases the customer might not be aware of the exact physical location of the stored data. In the event that the server crashes, the customer might not know the procedures and policies to be followed for data recovery. Legal compliance might be missing in the exact location where the data is stored, making access to the data an uphill task. If the data is stored on a server for a long time, its availability could become a major concern if the main provider ceases to offer such services, either due to lack of resources or by merging with another provider.

Cloud computing raises quite a number of concerns (Sako & Saitoh, 2011). These include law enforcement concerns about the location of potential digital evidence and the methods used in its preservation. If, for instance, a business is exposed to a criminal investigation, it can transfer all its business operations to cloud computing. This enables the business to continue with its regular operations while the migrated data is subjected to forensic analysis. The risk with data migration is that businesses might shift their data to destinations or countries where privacy laws might be absent or not enforced. Establishing the chain involved in the movement of data may be difficult, and this poses a challenge in determining the authenticity of the stored data (Vacca, 2005).

Authenticity involves finding out who had access to the data and whether there was any leakage. When a client exits a cloud application, some forensic issues arise. Items that are subjected to forensic analysis, such as temporary files and registries which are normally stored in the virtual environment, may be lost through unexplainable circumstances. In some circumstances the owners of the data may be involved in a malicious exercise by using the host server via a different IP address. The owners might then claim that their passwords were stolen by other users. Cloud services might affect how a forensic examiner presents the exact digital data to a court. All forensic examiners concur that there is no universal way of extracting data from a cloud application, and at times there might be very minimal evidence available (Anson & Bunting, 2007).

It therefore emerges that cloud computing is a technological aspect that challenges law enforcement officials and computer forensic analysts. It is not an easy task for forensic analysts to carry out investigations that involve cloud-based criminal activity. In contemporary society there is a lot of computer-centred crime that targets computer systems, storage devices, and computer networks. There is also a rise in computer-assisted crime, where people use computer systems in executing criminal activities.

Computer forensics implies the collection of evidence during a criminal investigation from computer networks or digital appliances (Caloyannides, 2004). The evidence gathered may involve user files, browsers, databases, or network firewalls. Any information that a user leaves behind after using a computer system can be subject to network forensics. Computer forensics is a field that requires technical skills in the relationship between the operating system, hardware, programs and the computer networks in use.

If the data is encrypted, cryptographic skills are applied to access the hidden data (Anson & Bunting, 2007). The process of evidence collection must, however, ensure that the evidence collected is acceptable in any recognized court of law. The four main elements of network forensics are identification, preservation, analysis, and presentation of evidence. In the preservation process the main aim is to minimize the handling of the original data or evidence while adhering to the rules of evidence. The methods used in the preservation of evidence in network forensics include maintaining the original copies of the data, using write blockers to prevent any overwriting of the original disk. The analysis is done using copies of the data to avoid tampering with the original data (Stolfo & Bellovin, 2008). The tools that are used in the preservation of evidence include utilities such as MDA-5, open source tools such as SleuthKit, and commercial tools such as ProDiscover and DataAccess.

All the findings of a network forensic investigation are presented in court. It is the duty of a computer forensic expert to convince lawyers and judges of the authenticity of the evidence. The evidence should, however, match the requirements of the local jurisdiction. The findings may be presented in the form of a report. In conventional computer forensics, the computer hardware is seized, turned off, and eventually taken to a forensic lab for analysis. In the process of investigation the main focus should be on acquiring evidence that is admissible in court.

In contemporary society, computer forensics faces a number of challenges. Drives with large capacities, even more than 1TB, make the process of copying data slow. The file systems used in computers today enable users to hide some data, which can only be accessed by using specialized tools (Kizza, 2008).

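The preservation step described above (leave the original untouched, analyse a verified copy) and the earlier concern about establishing who handled the data can be shown together. This is an added example, not code from the essay or from any tool it names; the file names, the examiner label and the choice of SHA-256 are assumptions, and hashing in software does not replace a hardware write blocker.

```python
import hashlib
import json
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never sit in RAM


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read-only: the evidence is never opened for writing
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


class CustodyLog:
    """Append-only log in which each entry commits to the previous entry's hash."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _hash(entry):
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def append(self, actor, action, evidence_sha256):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {"seq": len(self.entries), "actor": actor, "action": action,
                 "evidence_sha256": evidence_sha256, "prev": prev}
        entry["entry_hash"] = self._hash(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the index of the first altered entry, or None if the chain is intact."""
        prev = "0" * 64
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or entry["entry_hash"] != self._hash(entry):
                return i
            prev = entry["entry_hash"]
        return None


def acquire(original, working_copy, log, examiner):
    """Hash the original, copy it, and confirm the copy matches before any analysis."""
    source_hash = sha256_file(original)
    log.append(examiner, "hashed original", source_hash)
    shutil.copyfile(original, working_copy)
    copy_hash = sha256_file(working_copy)
    if copy_hash != source_hash:
        raise ValueError("working copy does not match the original")
    log.append(examiner, "verified working copy", copy_hash)
    return source_hash


def still_authentic(path, expected_sha256):
    return sha256_file(path) == expected_sha256


def demo():
    """Run the workflow on a constructed image and return the five check results."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "disk.img")          # hypothetical file names
    working = os.path.join(workdir, "disk.working.img")
    with open(original, "wb") as fh:
        fh.write(b"constructed sample image\n" * 4096)    # constructed sample data
    log = CustodyLog()
    baseline = acquire(original, working, log, "examiner-1")
    copy_ok_before = still_authentic(working, baseline)
    with open(working, "r+b") as fh:                      # analysis accidentally alters the copy
        fh.seek(10)
        fh.write(b"X")
    copy_ok_after = still_authentic(working, baseline)
    original_ok = still_authentic(original, baseline)
    log_intact = log.verify()
    log.entries[0]["actor"] = "someone-else"              # someone rewrites the custody history
    first_bad_entry = log.verify()
    shutil.rmtree(workdir)
    return copy_ok_before, copy_ok_after, original_ok, log_intact, first_bad_entry


if __name__ == "__main__":
    print(demo())
```
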
Some mechanisms used in computer operating systems may be poorly documented, making it difficult for network forensics to obtain data during investigations. Another technological challenge facing forensic experts is the development of online data storage. This affects forensic experts because data may be stored outside the physical computer hardware. Currently there are even some online providers who offer free data storage. There are instances where data is stored in countries that have different legal jurisdiction. Where websites are used to store data, it is very difficult to establish the legal jurisdiction of the evidence gathered. If other countries fail to cooperate, the forensic experts may not be able to access the required evidence.

Cyber Forensics

Cyber forensics is concerned with the extraction of reliable and accurate information from computer storage for the purpose of investigating cyber crime. Any electronic evidence that is collected is fragile and can easily be altered or modified. Cyber thieves and dishonest employees may hide and destroy data that can be used as evidence against their criminal activities (Volonino & Anzaldua, 2008). This can be achieved by use of shareware and other commercial programs that might be available. The global development of the internet and the dependency on it by many organizations should make such organizations more cautious in ensuring that all their data is well safeguarded. When computer systems are attacked, forensic experts must be able to collect the electronic evidence necessary for identifying the misuse and bringing to justice the people who carried it out. The introduction of the World Wide Web provides cyber criminals with opportunities to hack the organizations of their interest and choice.

Some of the crimes committed through the internet that warrant the services of cyber forensics experts include network attacks, accessing bank accounts and stealing money, credit card fraud, corporate espionage, and the distribution of child pornography (Brinkmann, 2003). Ukraine is one of the countries in the world where cyber terrorism is very rampant and hence poses a social danger. In the Republic of Moldova, the number of internet users has grown tremendously, and 20 per cent of them are government officials. During the period of 2006-2007 all the attempted computer attacks were dealt with successfully to avoid interruption of state information systems. Security of the telecommunication system is paramount in such a country, just like anywhere else in the world. The Center of Special Telecommunications is responsible for protecting the telecommunication system from being attacked by cyber criminals. This organization has been quite successful in its endeavours to develop protective measures for government agencies (Garrison, Lillard & Schiller, 2010).

Currently the telecommunication system in Moldova has fiber optic network systems that are more than 30km long and connect more than sixty state agencies. State agencies are therefore able to exchange information via high speed encrypted networks. The government is mandated with developing a protected communication system between various agencies and ministries due to the increase in cyber criminals. Some of the security measures employed by the Center of Special Telecommunications include the introduction of digital signatures in operating systems (Anastasi, 2003). Digital signatures are one way that documents can be protected from being accessed by unauthorized personnel. Due to the enhanced security measures in the information systems, only 12 per cent of computer crimes are subjected to cyber forensics.

In 2006 computer criminals caused damages worth $400,000 to foreign organizations in the Republic of Byelorussia, and these were mostly banks, as reported by cyber crime investigators (Volonino & Anzaldua, 2008). As a result more than 430 legal proceedings against cyber criminals were initiated, with the FBI involving its own cyber forensics experts to carry out the investigations. The number of cyber criminals in Byelorussia has increased as enrolment in universities has also increased. It is reported that 80 per cent of the hackers in the country are university students. The country reported around 2000 computer crimes in 2006, where 180 criminal cases were initiated with help from cyber forensic experts. Most of the computer crimes in Belarus are planned and executed by people aged 18-29 years (Bouridane, 2009). Reports from the Ministry of Internal Affairs indicate computer sabotage, theft of credit cards, and fraud as the most common cyber crimes in Belarus.

The main challenge facing cyber forensics in CIS countries is the lack of cooperation in fighting computer crime. These countries failed to implement the policy of joint investigations by cyber forensics experts, and this led to a major blow to investigation procedures. Massive Distributed Denial of Service (DDoS) attacks are used to hack websites in other countries. This complicates the investigation procedures for such crimes due to the localization and jurisdiction of crimes and criminals. For operations in computer forensics to be successful, cooperation between countries is crucial in combating the spread of internet crime. With the continuous change in technology, the regulations that govern cyber forensics are also changing, especially in the fields of auditing and law enforcement (EC-Council, 2009).

Every day new techniques are developed to give forensic experts reliable ways of gathering and compiling electronic evidence, which is vital in prosecuting cyber criminals.

Network Forensics

For any organization to maintain security in its networks, it is important to monitor all the information being transmitted over the internet connection. Recording all the transactions on the internet is quite simple in theory but difficult to implement. An easier approach would be to monitor all the traffic across the networks but only record information that may be deemed worthy of further analysis (Fisher & Kolowski, 2006). This approach is advantageous because computers can certainly monitor more information than they can store, since memory is faster than disk. Instead of monitoring the small network traffic between internal and external networks it is better to monitor a busy LAN. In addition, this approach guarantees some element of privacy, especially if the data is never written to the computer disk. There are some instances where it is illegal to record or monitor information without a genuine reason to do so or a court order.

The approach that could be used in this case is the “stop, look, and listen” approach that was initiated by Marcus Ranum in the 1990s. This was the basis of many systems that are used by network forensics experts today. Some of these systems include Ranum’s Network Flight Recorder, Raytheon’s Silent Runner, and the Snort intrusion detection system. Systems that are used for monitoring computer networks may be run on a standard Intel based PC with an Ethernet interface to capture information. The systems then write the information to disk files, and analysis is performed in batches. These systems therefore require large disks for the storage of data (Garrison, Lillard & Schiller, 2010).

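The monitor-everything, record-selectively approach described above can be sketched as follows. This is an added example, not code from the essay or from any of the systems it names; the flow records are constructed, the port allowlist and byte threshold are assumed policy values, and a record count stands in for disk capacity.

```python
from collections import deque

# Constructed flow summaries: (timestamp, src, dst, dst_port, bytes_out).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    (1, "192.0.2.10", "198.51.100.5", 443, 1_200),
    (2, "192.0.2.11", "198.51.100.5", 443, 900),
    (3, "192.0.2.12", "198.51.100.7", 80, 700),
    (4, "192.0.2.10", "203.0.113.9", 6667, 300),        # port not on the allowlist
    (5, "192.0.2.13", "198.51.100.5", 443, 1_100),
    (6, "192.0.2.11", "198.51.100.7", 80, 650),
    (7, "192.0.2.12", "198.51.100.5", 53, 120),
    (8, "192.0.2.10", "198.51.100.5", 443, 5_000_000),  # unusually large upload
    (9, "192.0.2.13", "198.51.100.7", 80, 800),
    (10, "192.0.2.11", "203.0.113.20", 22, 400),        # port not on the allowlist
]

ALLOWED_PORTS = {53, 80, 443}   # assumed site policy
BYTES_OUT_LIMIT = 1_000_000     # assumed threshold for "worth recording"


class SelectiveRecorder:
    """Look at every flow in memory, write only flagged flows plus a little context."""

    def __init__(self, context=1, store_budget=4):
        self.recent = deque(maxlen=context)  # in-memory window, never persisted by itself
        self.store = deque()                 # stands in for the on-disk capture files
        self.store_budget = store_budget     # stands in for disk capacity
        self.seen = 0
        self.written = 0
        self.evicted = 0

    @staticmethod
    def interesting(flow):
        _, _, _, port, bytes_out = flow
        return port not in ALLOWED_PORTS or bytes_out > BYTES_OUT_LIMIT

    def _write(self, flow):
        self.store.append(flow)
        self.written += 1
        while len(self.store) > self.store_budget:  # disk full: erase the oldest record
            self.store.popleft()
            self.evicted += 1

    def observe(self, flow):
        self.seen += 1
        if self.interesting(flow):
            for earlier in self.recent:      # keep what led up to the flagged flow
                self._write(earlier)
            self.recent.clear()
            self._write(flow)
        else:
            self.recent.append(flow)         # monitored, but only held in memory


def run(flows, context=1, store_budget=4):
    recorder = SelectiveRecorder(context, store_budget)
    for flow in flows:
        recorder.observe(flow)
    return {
        "seen": recorder.seen,
        "written": recorder.written,
        "never_recorded": recorder.seen - recorder.written,
        "evicted": recorder.evicted,
        "stored_timestamps": [f[0] for f in recorder.store],
    }


if __name__ == "__main__":
    print(run(SAMPLE_FLOWS))
```

The flows counted under `never_recorded` were inspected but never written anywhere, which is the privacy property the paragraph mentions; the evicted ones show the cost of a fixed storage budget, since older evidence is lost once the store fills.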
Regardless of the size of the disks, they eventually fill up, so the systems have rules for erasing old data to create room for the new data. The attention that should be accorded to the hardware used for network monitoring depends on how complex the network is and the amount of data to be monitored.

When a computer is exposed to a security breach, it is really difficult to quantify the overall risk to an organization. In the event that an organization is not able to identify the cause of the security breach, the services of network forensic experts may be sought. In financial organizations the nature of the data handled makes security fundamental. Programs such as Visa International and MasterCard International are some of the examples where data handling should be done with a lot of caution (Horninger, 2007).

After a security breach in an organization, network forensics investigators arrive at the scene ready to gather all the relevant evidence. Third party examinations are conducted, and they include examination of security breaches that involve confidential customer information. The investigation on the site is conducted in three steps. The first step involves the network forensics investigators trying to understand the network infrastructure and the way information flows in the organization. Interviews are then conducted with the personnel in order to understand the case from the client’s perspective. The third step involves data collection to get relevant sources of evidence that can be useful for the investigation. What follows is intensive data analysis (Jahankhani, Watson & Me, 2009). The investigation aims to establish the period in which the attack took place, the methods used by the attacker, the magnitude of the damage caused, and the source of the attack. In addition, the investigation team gathers any evidence that might be left behind by the attacker which can act as litigation support.

Some critical mistakes that organizations make after a network attack include the failure to maintain the quality at the scene of investigation (Kanellis, 2006). Organizations may also make changes to the network before the forensic investigation is conducted, and this slows down the network forensic investigations.

Database Forensics

This is a branch of digital science that relates to the forensic investigation of databases. It is quite similar to computer forensics. Forensic investigation of a database focuses on identifying the timelines of the database users (Wiles, Cardwell & Reyes, 2007). It may also identify all the transactions within a database system in order to identify actions that lead to an attack or a fraud. There are some software tools, such as ACL, that are used for data analysis and data manipulation. These tools also provide an analysis of all the activities performed by a forensic examiner on the database. Most of the database software tools may not be reliable enough to be used by database forensic investigators. Forensic study of a database requires some skills in the standards for encoding data on the computer disk. Organizations are tasked with the responsibility of ensuring that their databases are kept free from attacks. It is important to be aware that an unencrypted database can be accessed through the internet (Horninger, 2007).

Guidance, a database security firm, reported a security threat to more than 3,800 people whose credit card numbers were hacked or could be accessed by hackers. Those affected included investigative professionals from the FBI and CIA (Wells, 2008). The riskiest part of the threat was the exposure of the customers’ credit card numbers, which were available in the database. Guidance security worked with the US Secret Service in investigating the crime. The first step was to delete all the customers’ credit card numbers from the database, as it was illegal to have them in the first place.

The Guidance CEO reported that the immediate database forensic analysis helped in containing the threat. The consequences of the breach included one case where a customer lost $20,000 through unauthorized purchases on an American Express bill. A database forensic firm, Kessler International, was presented with a letter and an American Express bill that indicated the unauthorized purchases made through the internet (Stolfo & Bellovin, 2008). The main complaint from customers was that the company had taken too long to report the incident to the database forensics (Kedar, 2009). But the problem was that even the data of the firms that carry out database forensics had been compromised, and this delayed the reporting process.

One major way of protecting a database is by encrypting it, although this might be difficult to implement for active data. Many organizations today continue to hold data that is important for their operations or information about their customers. For instance, an accounting database system that contains confidential information on clients and suppliers may be developed. In many computers the database allows other programs that require the data to have access to it. Such programs should therefore be aware of how the data is stored. Some of the software used for database storage includes Oracle, Sybase, and Microsoft Access (Kedar, 2009). The types of database are relational, hierarchical, and network databases.

Communication Forensic Analysis

The enormous growth in the communication industry has led to criminal behaviour directed at mobile phone users. The changes in mobile technology have seen the introduction of smartphones, VOIP, GPS, iPad, and other devices that might be used for forensic examination (Shoester, 2006). Criminals see these handheld devices as targets for their activities. When these devices are accessed by criminals, they can be used to carry out spying activities.

Spies are able to capture confidential documents or data, and at times record private individual meetings that can then be sent to different parts of the world. Phone SIM cards can be attacked, allowing criminals to impersonate other subscribers and make dubious calls using their accounts. The criminals take advantage of this, as they are offered anonymity while they undertake their criminal activities (Peterson & Shenoi, 2009). The information in mobile phones, such as GPS data, browsing history, contact information, and text messages, may be copied onto other devices such as iPad and VOIP, and all traces of the criminal deleted without the knowledge of the owner.

Conclusion

In conclusion, when handheld devices such as mobile phones are attacked by criminals, mobile forensic experts or communication forensic experts may be consulted to recover all the files or data that might have been attacked or compromised (Shoester, 2006). The experts use many tools to dissect the SIM card, analyzing data byte by byte with the aim of tracing any evidence of the files that might have been attacked and checking whether they can identify the hackers in any way. In many cases the handheld devices also form an important component of the evidence during the analysis (Horninger, 2007). Communication forensics experts are also forensic experts for most handheld gadgets and may analyze devices from different manufacturers and networks to recover lost or corrupted information from such devices to act as evidence in such criminal activities.

References

Anastasi, J. (2003). The new forensics: investigating corporate fraud and the theft of intellectual property. New York: John Wiley and Sons.
Anson, S., & Bunting, S. (2007). Mastering Windows Network Forensics and Investigation. New York: John Wiley and Sons.
Bayuk, J. (2010). Cyber Forensics: Understanding Information Security Investigations. Chicago: Springer.
Bouridane, A. (2009). Imaging for Forensics and Security: From theory to practice. New York: Springer.
Brinkmann, B. (2003). Progress in forensic genetics 9: proceedings from the 19th International ISFG Congress held in Munster, Germany in 2001. Orlando: Elsevier Health Sciences.
Butler, J. (2009). Fundamentals of Forensic DNA Typing. Melbourne: Academic Press.
Caloyannides, M. (2004). Privacy protection and computer forensics. Chicago: Artech House.
EC-Council. (2009). Computer Forensics: Investigating Network Intrusions and Cybercrime. New York: Cengage Learning.
Fisher, B., Fisher, D., & Kolowski, J. (2006). Forensics Demystified. New York: McGraw-Hill Professional.
Garrison, C., Lillard, T., & Schiller, C. (2010). Digital Forensics for Network, Internet, and Cloud Computing. London: Cengage Learning.
Goel, S. (2010). Digital Forensics and Cyber Crime: First International ICST Conference. Boston: Springer.
Horninger, M. (2007). How to Cheat at Securing SQL Server 2005. Boston: Syngress.
Jahankhani, H., Watson, D., & Me, G. (2009). Handbook of Electronic Security and Digital Forensics. London: World Scientific.
Kanellis, P. (2006). Digital crime and forensic science in cyberspace. Chicago: Idea Group.
Kedar, S. (2009). Database Management Systems. New Delhi: Technical Publications.
Kizza, J. (2008). A Guide to Computer Network Security. London: Springer.
Krutz, R., & Vines, R. (2010). Cloud Security: A Comprehensive Guide to Secure Cloud Computing. New York: John Wiley and Sons.
Peterson, G., & Shenoi, S. (2009). Advances in Digital Forensics: International Conference in Digital Forensics. Florida: Springer.
Sako, H., Franke, K., & Saitoh, S. (2011). Computational Forensics: 4th International Workshop, IWCF 2010 Tokyo Japan. Orlando: Springer.
Shoester, M. (2006). Forensics in Law Enforcement. Ohio: Nova Publishers.
Stolfo, S., & Bellovin, S. (2008). Insider attack and cyber security: beyond the hacker. New York: Springer.
Vacca, J. (2005). Computer forensics: computer crime scene investigation, Volume 1. New York: Cengage Learning.
Volonino, L., & Anzaldua, R. (2008). Computer forensics for dummies. New York: For Dummies.
Wells, J. (2008). Computer fraud casebook: the bytes that bite. Boston: John Wiley and Sons.
Wiles, J., Cardwell, K., & Reyes, A. (2007). The best damn cybercrime and digital forensics book period. Boston: Syngress.